Network World - Maureen Martin of The Heartland Institute, a think tank promoting public policy based on individual liberty, limited government and free markets, argues that the new Health Information Technology for Economic and Clinical Health Act exposes too much personal information.
When President Obama talked about computerizing medical records during the presidential campaign, the plan sounded benign; he said it would give "doctors and nurses easy access to all the necessary information about their patients." But now that his plan has become law, it turns out lots of other people will have "easy access" too.
The Health Information Technology for Economic and Clinical Health Act (HITECH) was passed by Congress and signed by President Obama on Feb. 17, 2009, as part of the stimulus bill. Despite supposedly heightened privacy provisions, the details of HITECH are chilling. These, of course, are the very details most members of Congress didn't bother reading before voting for the bill.
Under HITECH, every American's "health information" is to be computerized by 2014. Health information is anything to do with "the past, present, or future physical or mental health or condition of an individual." It includes information known to "healthcare providers." Health information is not just what our doctors and nurses know but also information from any source that is known to our employers, schools and universities, which are now all defined as healthcare providers. The government, through the U.S. Department of Health and Human Services, is to arrange for this information to be shared not only with direct healthcare providers but also with "the government" and "other interested parties."
Creating these computerized records will require a vast assortment of laboring oars, all of which will have access to our electronic health information records. These include the outside "vendors of personal health records" that create and maintain them and the "third-party service providers" that help them out. It also includes "business associates" of "healthcare providers"-- and business associates' lenders, consultants, accountants and lawyers.
All of these laboring oars are sworn to secrecy, of course, but what happens if they disclose your records? Not much. If the disclosure is accidental or unintentional, nothing happens. Those whose disclosures are willful may face prosecution for fines from US$10,000 to $100,000. But there are two reasons why this consequence is lame. First, crimes involving specific intent are notoriously difficult to prove. Second, there are no funds for more government prosecutors, who will likely view many privacy violations as too trivial to bother with, even if they are a big deal to the individual involved.
And it gets worse. Our electronic health information records can be freely sold for research -- which means any "systematic investigation" aimed at contributing to general knowledge. And our employers can buy these records to "conduct an evaluation relating to medical surveillance of the workplace" and evaluate whether our illnesses or injuries are work-related. So employers can review our health information "just in case" our ailments might be work-related. And there are no restrictions on resale of this information by these employers and researchers.
Finally, the U.S. Comptroller General is authorized to examine the extent to which all of this information-sharing is "successful with respect to the quality of the resulting healthcare provided to the individual" and report on this to the U.S. Senate and House. Which means it will be open season on our private information.
Participation in this program by health care providers isn't mandatory, but the $19 billion in federal subsidies and penalties for Medicare/Medicaid doctors who don't join in are powerful incentives.
There's only one way around all this: The next time you go to the doctor, just say, "Hi, doc, I'm feeling fine."
Maureen Martin (mmartin@heartland.org) is senior fellow for legal affairs at The Heartland Institute.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
